diff --git a/.gitignore b/.gitignore index 53131df..d1ed73c 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ examples/*/.terraform.tfstate.lock.info terraform.tfstate examples/*/kubeconfig.yaml examples/*/terraform.tfstate.backup +examples/*/*.tfvars diff --git a/README.md b/README.md index 92987b4..d449e02 100644 --- a/README.md +++ b/README.md @@ -25,13 +25,11 @@ Terraform module that creates kyma runtime in SAP BTP platform. | BTP_BACKEND_URL | false | https://cli.btp.cloud.sap | URL of the BTP backend API (on canary environment this has to be set to `https://cpcli.cf.sap.hana.ondemand.com`). | | BTP_KYMA_PLAN | false | azure | Use one of a valid kyma plans that you are entitled to use (One of: `azure`, `gcp`, `aws`,`sap-converged-cloud`) | | BTP_KYMA_REGION | false | westeurope | Use a valid kyma region that matches your selected kyma plan | -| BTP_PROVIDER_SUBACCOUNT_ID | false | | Use a UUID of a SAP BTP Subaccount where you already have a sharable service instances which you would like to reference in the new kyma runtime | ### Outputs | Name | Condition for output presence | Description | |------------------------------------|-------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| custom_service_manager_credentials | Present only if `BTP _PROVIDER_SUBACCOUNT_ID` was given as input | Contains json-decoded parts of the provider subaccount's service manager secret data. Allows to reference a shared service instances from another (provider) subaccount | | kubeconfig | Always | yaml-encoded parts of the output kubeconfig. It can be used to initialise terraform kubernetes provider in the root module | | subaccount_id | Always | subaccount ID of the created subaccount. It can be used to forcefully cleanup the subaccount i.e via BTP CLI | 
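Review bot: The new ignore rule `examples/*/*.tfvars` in the .gitignore hunk only matches native-syntax variable files one level under examples/, so a `terraform.tfvars.json` or `*.auto.tfvars.json` in those directories, or any `.tfvars` file at the repository root, would still be picked up by `git add`. The examples take `BTP_BOT_USER` and `BTP_BOT_PASSWORD` as input variables, so these files are likely to hold credentials. Consider adding `examples/*/*.tfvars.json`, or broadening the rules to `*.tfvars` and `*.tfvars.json`; the renamed `.tfvars-template` files stay tracked either way. An ignore rule does not untrack a file that was committed earlier, so it is worth checking once that no filled-in variables file is already in the history.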
diff --git a/examples/kyma-on-btp-new-sa/local-template.tfvars b/examples/kyma-on-btp-new-sa/.tfvars-template similarity index 95% rename from examples/kyma-on-btp-new-sa/local-template.tfvars rename to examples/kyma-on-btp-new-sa/.tfvars-template index 634d2bc..72f82b6 100644 --- a/examples/kyma-on-btp-new-sa/local-template.tfvars +++ b/examples/kyma-on-btp-new-sa/.tfvars-template @@ -21,5 +21,3 @@ BTP_CUSTOM_IAS_DOMAIN = "" BTP_KYMA_PLAN = "" # Must match options for given plan; i.e `westeurope` is a valid kyma region for kyma plan `azure` BTP_KYMA_REGION = "" -#optional -BTP_PROVIDER_SUBACCOUNT_ID = "" \ No newline at end of file diff --git a/examples/kyma-on-btp-new-sa/README.md b/examples/kyma-on-btp-new-sa/README.md index 2edab9d..0ea318f 100644 --- a/examples/kyma-on-btp-new-sa/README.md +++ b/examples/kyma-on-btp-new-sa/README.md @@ -28,8 +28,7 @@ In this example a new subaccount is created automatically. Please ensure the fol - make sure that your custom SAP IAS tenant is trusted on global account level, - make sure that technical user (bot user) is added to the global account and is assigned a global account administrator role collection, - make sure the technical user is added to your custom SAP IAS tenant. - - if you decide to use provider subaccount in order to create disposable references to existing, shared instances of stateful services (via `BTP_PROVIDER_SUBACCOUNT_ID` environment variable ) the bot user would need to have `Subaccount Viewer` role collection assigned in the provider subaccount. - + ## Run Run the example: diff --git a/examples/kyma-on-btp-new-sa/main.tf b/examples/kyma-on-btp-new-sa/main.tf index f442527..ce7e3e3 100644 --- a/examples/kyma-on-btp-new-sa/main.tf +++ b/examples/kyma-on-btp-new-sa/main.tf 
@@ -35,7 +35,6 @@ module "kyma" { BTP_KYMA_REGION = var.BTP_KYMA_REGION BTP_BOT_USER = var.BTP_BOT_USER BTP_BOT_PASSWORD = var.BTP_BOT_PASSWORD - BTP_PROVIDER_SUBACCOUNT_ID = var.BTP_PROVIDER_SUBACCOUNT_ID BTP_NEW_SUBACCOUNT_REGION = var.BTP_NEW_SUBACCOUNT_REGION BTP_KYMA_MODULES = var.BTP_KYMA_MODULES } @@ -43,3 +42,15 @@ module "kyma" { output "subaccount_id" { value = module.kyma.subaccount_id } + +output "service_instance_id" { + value = module.kyma.service_instance_id +} + +output "service_id" { + value = module.kyma.service_id +} + +output "platform_id" { + value = module.kyma.platform_id +} \ No newline at end of file diff --git a/examples/kyma-on-btp-new-sa/variables.tf b/examples/kyma-on-btp-new-sa/variables.tf index 2736d74..5f4c001 100644 --- a/examples/kyma-on-btp-new-sa/variables.tf +++ b/examples/kyma-on-btp-new-sa/variables.tf @@ -62,12 +62,6 @@ variable "BTP_KYMA_REGION" { default = "westeurope" } -variable "BTP_PROVIDER_SUBACCOUNT_ID" { - type = string - description = "Subaccount ID" - default = null -} - variable "BTP_KYMA_MODULES" { type = list(object({ name = string diff --git a/examples/kyma-on-btp-reuse-sa/local-template.tfvars b/examples/kyma-on-btp-reuse-sa/.tfvars-template similarity index 94% rename from examples/kyma-on-btp-reuse-sa/local-template.tfvars rename to examples/kyma-on-btp-reuse-sa/.tfvars-template index 23d2421..ac52eee 100644 --- a/examples/kyma-on-btp-reuse-sa/local-template.tfvars +++ b/examples/kyma-on-btp-reuse-sa/.tfvars-template @@ -18,5 +18,3 @@ BTP_CUSTOM_IAS_DOMAIN = "" BTP_KYMA_PLAN = "" # Must match options for given plan; i.e `westeurope` is a valid kyma region for kyma plan `azure` BTP_KYMA_REGION = "" -#optional -BTP_PROVIDER_SUBACCOUNT_ID = "" \ No newline at end of file diff --git a/examples/kyma-on-btp-reuse-sa/README.md b/examples/kyma-on-btp-reuse-sa/README.md index 70acd7d..118b369 100644 --- a/examples/kyma-on-btp-reuse-sa/README.md +++ b/examples/kyma-on-btp-reuse-sa/README.md 
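Review bot: The three outputs added at the end of examples/kyma-on-btp-new-sa/main.tf (`service_instance_id`, `service_id`, `platform_id`) carry no `description`, and the same holds for the matching outputs added in the root output.tf. A one-line description on each would help, for example `description = "ID of the Kyma environment instance"` on `service_instance_id`. What `service_id` and `platform_id` identify is not evident from the names alone, so their descriptions should say it. The file also still ends without a trailing newline, which is a good moment to fix.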
@@ -28,7 +28,6 @@ In this example a new subaccount is not created automaticallu but an existing su - make sure that your custom SAP IAS tenant is trusted on subbaccount level, - make sure that technical user (bot user) is added to the subaccount and is assigned a subaccount administrator role collection, - make sure the technical user is added to your custom SAP IAS tenant. - - if you decide to use provider subaccount in order to create disposable references to existing, shared instances of stateful services (via `BTP_PROVIDER_SUBACCOUNT_ID` environment variable ) the bot user would need to have `Subaccount Viewer` role collection assigned in the provider subaccount. ## Run Run the example: diff --git a/examples/kyma-on-btp-reuse-sa/main.tf b/examples/kyma-on-btp-reuse-sa/main.tf index 9feebd0..b1d1bfb 100644 --- a/examples/kyma-on-btp-reuse-sa/main.tf +++ b/examples/kyma-on-btp-reuse-sa/main.tf @@ -34,6 +34,5 @@ module "kyma" { BTP_KYMA_REGION = var.BTP_KYMA_REGION BTP_BOT_USER = var.BTP_BOT_USER BTP_BOT_PASSWORD = var.BTP_BOT_PASSWORD - BTP_PROVIDER_SUBACCOUNT_ID = var.BTP_PROVIDER_SUBACCOUNT_ID BTP_USE_SUBACCOUNT_ID = var.BTP_USE_SUBACCOUNT_ID } diff --git a/examples/kyma-on-btp-reuse-sa/variables.tf b/examples/kyma-on-btp-reuse-sa/variables.tf index 1909e2c..bf9e9ea 100644 --- a/examples/kyma-on-btp-reuse-sa/variables.tf +++ b/examples/kyma-on-btp-reuse-sa/variables.tf @@ -55,8 +55,3 @@ variable "BTP_KYMA_REGION" { default = "westeurope" } -variable "BTP_PROVIDER_SUBACCOUNT_ID" { - type = string - description = "Subaccount ID" - default = null -} diff --git a/main.tf b/main.tf index 4573f16..f3d89bb 100644 --- a/main.tf +++ b/main.tf 
@@ -43,6 +43,15 @@ resource "btp_subaccount_environment_instance" "kyma" { } } +data "btp_subaccount_environment_instance" "kyma-instance" { + depends_on = [ + btp_subaccount_environment_instance.kyma + ] + subaccount_id = local.subaccount_id + id = btp_subaccount_environment_instance.kyma.id +} + + data "http" "kubeconfig" { url = jsondecode(btp_subaccount_environment_instance.kyma.labels).KubeconfigURL retry { @@ -171,16 +180,7 @@ data "http" "token" { request_body = "grant_type=password&username=${var.BTP_BOT_USER}&password=${var.BTP_BOT_PASSWORD}&client_id=${local.idp.clientid}&scope=groups,email" } -#"provider-sm.tf" - -data "btp_subaccount_service_binding" "provider_sm" { - count = var.BTP_PROVIDER_SUBACCOUNT_ID == null ? 0 : 1 - subaccount_id = var.BTP_PROVIDER_SUBACCOUNT_ID - name = "provider-sm-binding" -} - #"subaccount.tf" - data "btp_subaccount" "reuse_subaccount" { count = var.BTP_USE_SUBACCOUNT_ID != null && var.BTP_NEW_SUBACCOUNT_NAME == null ? 1 : 0 id = var.BTP_USE_SUBACCOUNT_ID diff --git a/output.tf b/output.tf index 1625cd4..2d0c39f 100644 --- a/output.tf +++ b/output.tf @@ -1,7 +1,3 @@ -output "custom_service_manager_credentials" { - value = var.BTP_PROVIDER_SUBACCOUNT_ID == null ? null : jsondecode(one(data.btp_subaccount_service_binding.provider_sm).credentials) -} - output "kubeconfig" { value = yamlencode(jsondecode(data.jq_query.kubeconfig.result) ) } @@ -9,3 +5,15 @@ output "kubeconfig" { output "subaccount_id" { value = local.subaccount_id } + +output "service_instance_id" { + value = btp_subaccount_environment_instance.kyma.id +} + +output "service_id" { + value = data.btp_subaccount_environment_instance.kyma-instance.service_id +} + +output "platform_id" { + value = data.btp_subaccount_environment_instance.kyma-instance.platform_id +} diff --git a/variables.tf b/variables.tf index 548a9fb..53c8248 100644 --- a/variables.tf +++ b/variables.tf 
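Review bot: The `depends_on` block in the new `data "btp_subaccount_environment_instance" "kyma-instance"` is redundant, because `id = btp_subaccount_environment_instance.kyma.id` already makes the data source depend on the resource. An explicit `depends_on` on a data source also makes Terraform defer the read to apply time whenever the resource has pending changes, so `service_id` and `platform_id` may show as known-after-apply more often than necessary; dropping the three `depends_on` lines avoids that. The label `kyma-instance` uses a hyphen while the other label visible in this file uses underscores (`reuse_subaccount`), so `kyma_instance` would be consistent. A short comment stating why these attributes are read through a data source rather than from the resource would also help the next maintainer.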
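Review bot: The new module outputs `service_instance_id`, `service_id` and `platform_id` in output.tf are not documented in the root README. The README hunk in this commit removes the `custom_service_manager_credentials` row from the Outputs table but adds no rows for the new outputs. Three rows with the condition `Always`, in the same form as the existing `kubeconfig` and `subaccount_id` rows, would keep the table in step with the module. Since `service_id` and `platform_id` come from `data.btp_subaccount_environment_instance.kyma-instance`, the row text should state what each value identifies.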
@@ -57,12 +57,6 @@ variable "BTP_BOT_PASSWORD" { sensitive = true } -variable "BTP_PROVIDER_SUBACCOUNT_ID" { - type = string - description = "Subaccount ID" - default = null -} - variable "BTP_BACKEND_URL" { type = string description = "Backend URL for BTP API; defaults to https://cli.btp.cloud.sap"